Aggregator

A vulnerability described as problematic has been identified in RexTheme WP VR Plugin up to 8.5.42 on WordPress. Affected by this issue is some unknown functionality. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-62885. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in webnique USERCENTRICS CMP Plugin up to 1.0.9 on WordPress. Affected by this vulnerability is an unknown functionality. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-62920. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as problematic has been detected in Premmerce Brands for WooCommerce Plugin up to 1.2.13 on WordPress. This impacts an unknown function. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2025-62890. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in WPClever WPC Smart Messages for WooCommerce Plugin up to 4.2.4 on WordPress. Affected is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-62903. The attack can be launched remotely. No exploit exists.

A vulnerability was found in nanbu Welcart e-Commerce Plugin up to 2.11.24 on WordPress. It has been rated as critical. The impacted element is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-62953. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in Brainstorm Force Ultimate Addons for WPBakery Page Builder Plugin up to 3.21.0 on WordPress. This affects an unknown function. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-48088. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in QuantumCloud ChatBot Plugin up to 7.3.0 on WordPress. It has been declared as critical. The affected element is an unknown function. Executing manipulation can lead to missing authorization. This vulnerability appears as CVE-2025-62952. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Codeinwp Revive Old Posts Plugin up to 9.3.3 on WordPress. It has been classified as critical. Impacted is an unknown function. Performing manipulation results in missing authorization. This vulnerability is reported as CVE-2025-62954. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Jthemes xSmart Plugin up to 1.2.9.4 on WordPress and classified as problematic. This issue affects some unknown processing of the component Web Page. Such manipulation leads to basic cross site scripting. This vulnerability is documented as CVE-2025-62936. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in adivaha Flights & Hotels Booking WP Plugin up to 3.1 on WordPress and classified as critical. This vulnerability affects unknown code. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-62916. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in MPDV Mikrolab MIP 2, FEDRA 2 and HYDRA X. This affects an unknown part. The manipulation of the argument Filename results in path traversal. This vulnerability is cataloged as CVE-2025-12055. The attack may be launched remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 一个与巴基斯坦有关联的威胁行为体被发现针对印度政府实体发起鱼叉式网络钓鱼攻击，旨在投递一种基于Golang的恶意软件，名为DeskRAT。 Sekoia在2025年8月和9月观测到此次活动，并将其归因于Transparent Tribe（又名APT36），这是一个至少自2013年以来就活跃的由国家资助的黑客组织。此次攻击也建立在CYFIRMA于2025年8月披露的先前活动之上。 攻击链涉及发送包含ZIP文件附件的网络钓鱼邮件，或者在某些情况下，发送指向托管在Google Drive等合法云服务上的存档文件的链接。ZIP文件中包含一个恶意的Desktop文件，该文件嵌入了使用Mozilla Firefox显示诱饵PDF（”CDS_Directive_Armed_Forces.pdf”）的命令，同时执行主有效载荷。 这两个组件都从一个名为”modgovindia[.]com”的外部服务器拉取并执行。与之前一样，该活动旨在针对BOSS Linux系统，其远程访问木马能够使用WebSocket建立命令与控制。 该恶意软件支持四种不同的持久化方法，包括创建systemd服务、设置cron作业、将恶意软件添加到Linux自动启动目录以及配置.bashrc通过写入特定目录的shell脚本启动木马。 DeskRAT支持五种不同的命令： ping：向C2服务器发送带有当前时间戳和”pong”的JSON消息。 heartbeat：发送包含heartbeat_response和时间戳的JSON消息。 browse_files：发送目录列表。 start_collection：搜索并发送匹配预定义扩展名且小于100 MB的文件。 upload_execute：投递额外的Python、shell或Desktop有效载荷并执行。 值得注意的是，该组织还针对Windows端点分发名为StealthServer的Golang后门，表明其具有跨平台攻击重点。StealthServer的Windows版本存在三个变种，功能逐步演进，并加入了反分析技术。 与此同时，其他南亚和东亚威胁组织也相当活跃： Bitter APT：针对中国和巴基斯坦的政府、电力及军事部门，利用漏洞投递C#植入程序。 SideWinder：针对巴基斯坦、斯里兰卡等国海事等领域，开展代号为”Operation SouthNet”的集中活动。 OceanLotus：在针对中国及东南亚国家的攻击中投递Havoc利用后框架。 Mysterious Elephant：使用多种初始访问手段，投递BabShell反向shell和MemLoader等加载器，最终执行Remcos RAT等 payload。 这些入侵活动还特别关注从受感染主机窃取WhatsApp通信记录，使用了诸如Uplo Exfiltrator和Stom Exfiltrator等模块。此外，还使用了ChromeStealer Exfiltrator来窃取Chrome浏览器中的Cookie、令牌等敏感信息以及WhatsApp相关文件。 这些活动描绘出该地区威胁行为体技术不断演进、活动频繁的图景，对亚太地区的政府实体和关键部门构成了持续且复杂的威胁。   消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, has been found in Brecht WP Recipe Maker Plugin up to 10.1.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is listed as CVE-2025-62897. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as problematic was found in Publitio Plugin up to 2.2.3 on WordPress. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to insertion of sensitive information into sent data. This vulnerability is tracked as CVE-2025-62947. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in everestthemes Everest Backup Plugin up to 2.3.8 on WordPress. Affected is an unknown function. Performing manipulation results in missing authorization. This vulnerability is identified as CVE-2025-62946. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in Mark O'Donnell MSTW CSV EXPORTER Plugin up to 1.4 on WordPress. This impacts an unknown function. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2025-62944. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as critical has been reported in Reoon Email Verifier Plugin up to 2.0.1 on WordPress. This affects an unknown function. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2025-62938. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in wprio Table Block by RioVizual Plugin up to 2.3.2 on WordPress. The impacted element is an unknown function. The manipulation results in missing authorization. This vulnerability was named CVE-2025-62932. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as critical has been detected in IDonate Plugin up to 2.1.12 on WordPress. The affected element is an unknown function. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-11154. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.